An expert panel at CW 2018 shared best practices on how to address expectations concerning employee behavior, how to properly respond when allegations of sexual harassment arise, and how to communicate with senior leaders and the board on the importance of preemptive action.

New sustainability standards are emerging to help companies identify and report the risks related to their environmental, social, and corporate governance efforts in their annual reports. As companies seek to take their sustainability reporting to the next level, the focus is on materiality. “One of the challenges in sustainability reporting has been how to determine what’s material—what matters most to stakeholders,” says Frank O’Brien-Bernini, chief sustainability officer of Owens Corning.

Getting executives and middle managers to support the goals of compliance can be an uphill battle at many companies, especially where compliance is viewed as an obstacle to getting things done. To change that view, compliance needs to show that the program can add value. "The stronger the safety controls, the more risks you can take," says Anthony Dell, global chief compliance and ethics officer at investment adviser Ares Management.

Document-centric approaches to policies that lack technology to manage communication and enforcement are a recipe for disaster, and could actually cost companies more, since they leave those companies exposed to ineffective policy management. In the latest installment of our GRC Illustrated series, we look at how IT systems can be put to work for policy management, so the compliance team can, you know, actually enforce things.

Lapses in ethics and compliance by major suppliers or contract manufacturers not only cause embarrassment and anger consumers, as companies like Apple and Samsung can attest; they also create exposure to potential violations of anti-bribery and corruption laws. Increasingly, companies are improving processes and systems to manage risk in the supply chain. How? More details inside.

Never has third-party risk management been as high a priority as it is in today's stringent anti-corruption enforcement environment. Yet many companies still have not refined the processes used to mitigate third-party risks. The first step is to establish a credible and defensible risk model. More details inside.

Tyco's $27 million settlement on FCPA charges last week could be a bit dispiriting to compliance officers; after all of that company's prior troubles and attempts to improve, it's in trouble again? Take heart in the silver lining that Tyco's vigorous efforts at self-disclosure and cooperation do seem to have led to much less punishment than what could have been meted out. Our full look at the case is inside.